OpenStack Designate: ACL Flaw Exposes BIND Access Keys
CVE-2023-6725 Published on March 15, 2024
Tripleo-ansible: bind keys are world readable
An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information.
Vulnerability Analysis
CVE-2023-6725 can be exploited with local system access and requires a small amount of user privileges. The vulnerability is considered to have a low attack complexity. An exploit is considered to have a high impact on confidentiality, with no impact on integrity or availability.
Timeline
Reported to Red Hat.
Made public, 125 days later.
Weakness Type
Insufficient Granularity of Access Control
The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.
Products Associated with CVE-2023-6725
Red Hat Openstack Platform and Red Hat Openstack.
Affected Versions
Red Hat OpenStack Platform 17.1 for RHEL 8:
- Version 0:14.3.1-17.1.20231103003762.el8ost and below * is unaffected.
- Version 0:3.3.1-17.1.20231101233754.el8ost and below * is unaffected.
- Version 0:14.3.1-17.1.20231103010840.el9ost and below * is unaffected.
- Version 0:3.3.1-17.1.20231101230831.el9ost and below * is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.